CVE-2022-28734
Summary
| CVE | CVE-2022-28734 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-20 01:15:00 UTC |
| Updated | 2024-01-16 19:43:00 UTC |
| Description | Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata. |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - [SECURITY PATCH 00/30] Multiple GRUB2 vulnerabilities - 2022/06/07 round | MISC | www.openwall.com | |
| July 2023 Grub Vulnerabilities in NetApp Products \| NetApp Product Security | MISC | security.netapp.com | |
| CVE - CVE-2022-28734 | MISC | cve.mitre.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159883 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9471)
- 159884 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9469)
- 159943 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-5099)
- 159967 Oracle Enterprise Linux Security Update for grub2, mokutil, shim, and shim-unsigned-x64 (ELSA-2022-5095)
- 159985 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9596)
- 159986 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-9595)
- 161027 Oracle Enterprise Linux Security Update for grub2 (ELSA-2023-12952)
- 181035 Debian Security Update for grub2 (CVE-2022-28734)
- 240473 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5100)
- 240474 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5099)
- 240476 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5096)
- 240477 Red Hat Update for grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5095)
- 282811 Fedora Security Update for grub2 (FEDORA-2022-27932fdd06)
- 282866 Fedora Security Update for grub2 (FEDORA-2022-9b4f9af4ce)
- 354332 Amazon Linux Security Advisory for grub2 : ALAS2022-2022-109
- 354535 Amazon Linux Security Advisory for grub2 : ALAS-2022-109
- 355137 Amazon Linux Security Advisory for grub2 : ALAS2023-2023-020
- 355617 Amazon Linux Security Advisory for grub2 : ALAS2-2023-2146
- 377130 Alibaba Cloud Linux Security Update for grub2, mokutil, shim, and shim-unsigned-x64 (ALINUX3-SA-2022:0134)
- 377622 Alibaba Cloud Linux Security Update for grub2, mokutil, shim, and shim-unsigned-x64 (ALINUX3-SA-2022:0164)
- 672021 EulerOS Security Update for grub2 (EulerOS-SA-2022-2242)
- 672026 EulerOS Security Update for grub2 (EulerOS-SA-2022-2221)
- 672031 EulerOS Security Update for grub2 (EulerOS-SA-2022-2255)
- 672032 EulerOS Security Update for grub2 (EulerOS-SA-2022-2268)
- 672109 EulerOS Security Update for grub2 (EulerOS-SA-2022-2318)
- 672131 EulerOS Security Update for grub2 (EulerOS-SA-2022-2289)
- 672248 EulerOS Security Update for grub2 (EulerOS-SA-2022-2611)
- 710619 Gentoo Linux GRUB Multiple Vulnerabilities (GLSA 202209-12)
- 752214 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2037-1)
- 752215 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2041-1)
- 752216 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2036-1)
- 752217 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2035-1)
- 752218 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2038-1)
- 752221 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2064-1)
- 752229 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2022:2074-1)
- 907524 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (27552-1)
- 940639 AlmaLinux Security Update for grub2, (ALSA-2022:5095)
- 940640 AlmaLinux Security Update for grub2, (ALSA-2022:5099)
- 960155 Rocky Linux Security Update for grub2, (RLSA-2022:5095)
- 960538 Rocky Linux Security Update for grub2, (RLSA-2022:5099)